Safety verification of a fault tolerant reconfigurable autonomous goal-based robotic control system

Fault tolerance and safety verification of control systems are essential for the success of autonomous robotic systems. A control architecture called Mission Data System (MDS), developed at the Jet Propulsion Laboratory, takes a goal-based control approach. In this paper, a method for converting goal network control programs into linear hybrid systems is developed. The linear hybrid system can then be verified for safety in the presence of failures using existing symbolic model checkers. An example task is simulated in MDS and successfully verified using HyTech, a symbolic model checking software for linear hybrid systems

An Integrated Monitor-Diagnosis-Reconfiguration Scheme for (Semi-) Autonomous Systems

A nested monitoring, diagnosis and reconfiguration (MDR) scheme is proposed for a Recursive Nested Behavior based Control structure (RNBC)constituting a generic system architecture for (semi-) autonomous mobile systems. Each behavior layer within the RNBC structure is associated with a MDR schema, which is responsible to ensure the dependability of every single layer. An online dependability measurement and diagnosis procedure is integrated into monitor and diagnosis blocks under consideration of performance and safety acceptability factors. The reconfiguration blocks within the MDR-scheme switch from components with unacceptable behavior to redundant components, which may have degraded performance but more robust and safe behavior. The MDR blocks at each layer are nested through unified interfaces in order to utilize the distributed modeling of system behavior and to facilitate the system design and implementation process. In a small case study the MDR scheme is demonstrated for an assistant wheelchair on the body velocity control and axis velocity control levels. Simulation results show the feasibility and effectiveness of the approach

The Use of Fault Trees for the Design of Robots for Hazardous Environments

This paper addresses the application of fault trees to the analysis of robot manipulator reliability and fault tolerance. Although a common and useful tool in other applications, fault trees have only recently been applied to robots. In addition, most of the fault tree analyses in robotics have focused on qualitative, rather than quantitative, analysis. Robotic manipulators present some special problems, due to the complex and strongly coupled nature of their subsystems, and also their wild response to subsystem failures. Additionally, there is a lack of reliability data for robots and their subsystems. There has traditionally been little emphasis on fault tolerance in the design of industrial robots, and data regarding operational robot failures is relatively scarce.National Science FoundationSandia National LaboratoryNAS

Conversion and verification procedure for goal-based control programs

Fault tolerance and safety verification of control systems are essential for the success of autonomous robotic systems. A control architecture called Mission Data System, developed at the Jet Propulsion Laboratory, takes a goal-based control approach. In this paper, a method for converting goal network control programs into linear hybrid systems is developed. The linear hybrid system can then be verified for safety in the presence of failures using existing symbolic model checkers. An example task is developed and successfully verified using HyTech, a symbolic model checking software for linear hybrid systems

Real-time failure-tolerant control of kinematically redundant manipulators

Includes bibliographical references.This work considers real-time fault-tolerant control of kinematically redundant manipulators to single locked-joint failures. The fault-tolerance measure used is a worst-case quantity, given by the minimum, over all single joint failures, of the minimum singular value of the post-failure Jacobians. Given any end-effector trajectory, the goal is to continuously follow this trajectory with the manipulator in configurations that maximize the fault-tolerance measure. The computation required to track these optimal configurations with brute-force methods is prohibitive for real-time implementation. We address this issue by presenting algorithms that quickly compute estimates of the worst-case fault-tolerance measure and its gradient. Real-time implementations are presented for all these techniques, and comparisons show that the performance of the best is indistinguishable from that of brute-force implementations.This work was supported by Sandia National Laboratories under contract number AL-3011

Undetected locked-joint failures in kinematically redundant manipulators: a workspace analysis

Includes bibliographical references.Robots are frequently used for operations in hostile environments. The very nature of these environments, however, increases the likelihood of robot failures. Common failure tolerance techniques rely on effective failure detection. Since a failure may not always be successfully detected, or even if detected, may not be detected soon enough, it becomes important to consider the behavior of manipulators with undetected failures. This work focuses on developing techniques to analyze a manipulator's workspace and identify regions in which tasks, characterized by sequences of point-to-point moves, can be completed even with such failures. Measures of fault tolerance are formulated to allow for the evaluation of the workspace.This work was supported by Sandia National Labs under contract no. AL-3011 and by NSF under contract no. MIP-9708309

Fault Residual Generation via Nonlinear Analytical Redundancy

Fault detection is critical in many applications, and analytical redundancy (AR) has been the key underlying tool for many approaches to fault detection. However, the conventional AR approach is formally limited to linear systems. In this brief, we exploit the structure of nonlinear geometric control theory to derive a new nonlinear analytical redundancy (NLAR) framework. The NLAR technique is applicable to affine systems and is seen to be a natural extension of linear AR. The NLAR structure introduced in this brief is tailored toward practical applications. Via an example of robot fault detection, we show the considerable improvement in performance generated by the approach compared with the traditional linear AR approach

Fault tolerance force for redundant manipulators

Fault tolerant manipulators maintain their trajectory even if their joint/s fails. Assuming that the manipulator is fault tolerant on its trajectory, fault tolerant compliance manipulators provide required force at their end-effector even when a joint fails. To achieve this, the contributions of the faulty joints for the force of the end-effector are required to be mapped into the proper compensating joint torques of the healthy joints to maintain the force. This paper addresses the optimal mapping to minimize the force jump due to a fault, which is the maximum effort to maintain the force when a fault occurs. The paper studies the locked joint fault/s of the redundant manipulators and it relates the force jump at the end-effector to the faults within the joints. Adding on a previous study to maintain the trajectory, in here the objective is to providing fault tolerant force at the end-effector of the redundant manipulators. This optimal mapping with minimum force jump is presented using matrix perturbation model. And the force jump is calculated through this model for single and multiple joints fault. The proposed optimal mapping is used in different fault scenarios for a 5-DOF manipulator; also it is deployed to compensate the force at the end-effector for the 5-DOF manipulator through simulation study and the results are presented

Real-time failure-tolerant control of kinematically redundant manipulators

Includes bibliographical references (pages 1115-1116).This work considers real-time fault-tolerant control of kinematically redundant manipulators to single locked-joint failures. The fault-tolerance measure used is a worst-case quantity, given by the minimum, over all single joint failures, of the minimum singular value of the post-failure Jacobians. Given any end-effector trajectory, the goal is to continuously follow this trajectory with the manipulator in configurations that maximize the fault-tolerance measure. The computation required to track these optimal configurations with brute-force methods is prohibitive for real-time implementation. We address this issue by presenting algorithms that quickly compute estimates of the worst-case fault-tolerance measure and its gradient. Comparisons show that the performance of the best method is indistinguishable from that of brute-force implementations. An example demonstrating the real-time performance of the algorithm on a commercially available seven degree-of-freedom manipulator is presented